I'm serving content for public websites and I'm wondering whether there would be any implications on using both CORS and JSONP for maximum browser support. For instance, I would be doing this:
<?php
// Simplified example to illustrate
if(isset($_GET['callback'])) {
header('Content-Type: application/javascript; charset=utf-8');
echo $_GET['callback'] . '(' . json_encode( ... ) . ')';
exit;
}
header('Access-Control-Allow-Origin: *');
header('Content-Type: application/json; charset=utf-8');
echo json_encode( ... );
Obviously I'm not sending the CORS-related headers with the JSONP response as that seems counter-intuitive. Are there any security or other implications with this method?
